Alternative Access Mappings (AAM) issue accessing from internal and external URL's

Similar Messages

• Exchange 2010 and 2013 coexistence Internal and external URL

  Hi all,
  been reading alot of threads about Outlook anywhere and virtual directories in co-existence exchange 2010 and 2013.
  Still i dont get any smarter.
  Here is scenario:
  Exchange 2010
  Cas1
  Cas2
  Mailbox1
  Mailbox2
  Casarray is Exchange.casarray,com ( internal dns pointed to CAS1 in exchange 2010).Seems like by default both exchange 2013 cas servers are added to the casarray.
  Exchange 2013
  CAS+Mailbox
  Cas+Mailbox
  DNS
  mail.exchange.com pointing to VIP (kemp loadbalancer)
  Autodiscover ( pointed to same vip ,kemp load balancer)
  Outlook anywhere on all servers (2010 and 2013)
  Internal ( pointing to VIP on Kemp)
  External ( pointing to external IP,then it passes firewall that again passes to kemp)
  Problem we are having is when migrating users from Exchange 2010 - 2013.
  Users using Outlook 2010
  restart of outlook and mail  works fine.
  OWA works fine
  Active sync fails ( need to inherit permission of users AD object),wait couple of hours then mobile can sync again.)
  Users using Outlook 2013
  Outlook in disconnected status,only fix is to create new profile.
  OWA works fine
  Active sync fails ( need to inherit permission of users AD object),wait couple of hours then mobile can sync again.)
  Question is,what should be set for internal and external url (active sync,owa,ews)on 2010 and 2013 servers?
  Where is the config wrong?
  Thanks!
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

  Hi Martina,
  did the test as mentioned,even tried both CAS 2013 servers.Flush and registerdns didnt help.
  Still Outlook is Connected to the cas.exchange.as (which again Points to 1 of Exchange 2010 servers),
  Tried repair Outlook profile,no og.Only fix is to setup New account.
  Any more tips?
  thanks!
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

• Unable to activate internal and external urls at the same time

  Hi,
  We have Configured EBS R12 in DMZ setup as described in Figure F-9 of metalink note 380490.1 ,Option 2.4: Using Reverse Proxy with no External Web Tier.
  refering to 726953.1 Case History: Implementing a Reverse Proxy Alone in the DMZ Configuration - R12.
  but Not able to activate internal and external urls at the same time in this configuration. Only the node where last autoconfig was run getting activated as web node.
  When trying to accees the url of the other node it gets redirected to the url (where autoconfig is last run).and for this error observed is Error Code:502 Proxy Error.The specified Secure Sockets Layer (SSL) port is not allowed.(12204).
  For both external and internal services are UP.opmn status is live no error.
  Using Apache as reverse proxy.
  EXTERNAL Reverse proxy settings:
  s_login_page http://LONWEB01.process.com:81/OA_HTML/AppsLogin
  <TIER_DB oa_var="s_isDB">NO</TIER_DB>
  <TIER_ADMIN oa_var="s_isAdmin">NO</TIER_ADMIN>
  <TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
  <TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
  <TIER_NODE oa_var="s_isConc">NO</TIER_NODE>
  <TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
  <TIER_NODEDEV oa_var="s_isConcDev">NO</TIER_NODEDEV>
  <TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
  INTERNAL Middle Tier settings:
  s_login_page http://stprojapp01.test.com:8005/OA_HTML/AppsLogin
  <TIER_DB oa_var="s_isDB">NO</TIER_DB>
  <TIER_ADMIN oa_var="s_isAdmin">YES</TIER_ADMIN>
  <TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
  <TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
  <TIER_NODE oa_var="s_isConc">YES</TIER_NODE>
  <TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
  <TIER_NODEDEV oa_var="s_isConcDev">YES</TIER_NODEDEV>
  <TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
  Are we missing anything....
  Thanks & Regards

  Hi,
  Finally it's resolved...Following is the solution thought to share in the forum:
  The configuration of the E-Business Suite environment for DMZ requires profile options hierarchy type to be set
  to SERVRESP.
  To change the profile options hierarchy type values to SERVRESP, execute the following SQL script as
  shown below:
  sqlplus / @/patch/115/sql/txkChangeProfH.sql SERVRESP
  After successfully completing the above sql script, run Autoconfig in all nodes to complete the profile options configuration.
  It's resolved after doing this..

• Issues recording with internal and external mics -  blip blip noises

  soon as a click record it begins to record my voice but it also makes these audable "blip blip" noises every second which come through the speakers and then recorded in the track. i can record with audacity fine. i have checked the tracks properties and removed any filters but this still happens.. this happened awhile back and since then the machine has been formated so a new install has already occurred.
  very confused

  http://www.bulletsandbones.com/GB/GBFAQ.html#metronome

• Single URL for internal and external CRM access when using IFD

  Hello,
  At one of our client site I have setup IFD on CRM 2011. This IFD is behind TMG. My client is a big corporation therefore all CRM components including CRM, ADFS and SQL are on separate servers.
  I have configured IFD using single url https://orgname.contoso.com Their IT staff wants to know why can't they use single URL for internal and external access where internal users are nto prompted for authentication
  when logging on to the CRM server. I know you can do URL re-write in ADFS but they want to know the reason "why internal users can't use the same IFD URL and don't get prompted for their credentials". Text below is from their IT staff.

  There are several approaches to your question.  You need to set up both an internal and an external relying party trust. If you use the external URL, it will always direct you to the signin page, if you use the internal URL, it will resolve you single
  sign on.
  I've configured IFD for CRM multiple times, and this is how it works. CRM looks at the URL. If you use the external URL (org.domain.com), it will prompt for credentials. So what you are asking for, a single URL that works single sign on internally and prompts
  externally really isn't possible.
  What I recommend is:
  1. make the external URL available internally
  2. Configure all outlook clients against the external URL, that way you won't have to reconfigure when someone goes internal to external
  3. Have users who are primarily internal use the internal URL for the web client, which will resolve single sign on
  4. Have users who are primarily external use the external URL for the web client
  For #1, since you only need to enter the credentials when you first configure CRM, it is in all effects single sign on.
  One thing I haven't tried that may work is using IIS redirect internally to redirect the external URL to the internal URL. There is also a powershell script in the IFD guide that you can use to make the outlook client switch between the internal and external
  URL's, but nothing that will give you a single URL that works as the internal relying party trust when internal and the external relying party trust when you are external.

• Internal and External sources for OBIEE

  Hi,
  When we say OBIEE can integrates data feeds from internal and external sources..what exactly does this mean. Can OBIEE even do that? Thanks

  Hi,
  We have a requirement where the data sources are from internal and external sources. I was not sure of it too and so raised the question on forums. I am assuming internal sources would be Oracle etc within the system and external would be out of the application. Not sure exactly what is meant by it.

• Leopard.  Did a full restore from Time Machine.  Now I can't access my other internal and external drives.  I get the following error: The folder "Capture Video" can't be opened because you don't have permission to see its contents.

  Leopard.  Did a full restore from Time Machine.  Now I can't access my other internal and external drives.  I get the following error: The folder “Capture Video” can’t be opened because you don’t have permission to see its contents.  I have repaired permissions pn the main harddrive.  When I try too click on a disk I get the previously stated error.  I can't even open up information to see what permission/access there is.  It simply will not let me see the content.  It shows the content of my main hard drive when I have clicked the other harddrive's name.

  Solved:
  sudo chflags 0 /Volumes/"FCP Time Machine BU"
  sudo chown 0:80 /Volumes/"FCP Time Machine BU"
  sudo chmod 775 /Volumes/"FCP Time Machine BU"
  sudo chmod -N /Volumes/"FCP Time Machine BU"

• Best practises regarding Internal and External access to SIM

  Currently we have two separate Active Directories one internal and one in the DMZ and plan to have one SIM on an segmented network allowing access for our internal users directly to SIM UI and external users thru portlets that talks to SIM.
  The external AD hosts some internal users that also needs access to the DMZ applications so we can save efforts in managing to separate SIM environments in development, tests, upgrades, unique UID etc...
  What are the best practices on the market is this a preferred choice with only one SIM or with one SIM internally and one SIM in DMZ hosting suppliers, customers etc?
  With a single SIM environment are you allowing internal users accessing SIM from Internet to change internal AD password or have you restricted the functionality in some way for internal users accessing SIM from internet?
  How about challenge response questions are you allowing users to have the same both internally and externally or setup different for different user interfaces?
  Anyone willing to share how your environment is setup for internal and external access?

  Yes for handling the access to the SIM we probably need to look into some kind of access management solution to get it to work in a secure way.
  The question is a bit complex with many different factors controlling the outcome of the SIM implementation, but I hope to get some idées with this thread of how we can solve it.
  The question still remains if its common to have one or to SIM's and what internal users is allowed to do in SIM from Internet.
  Ex are internal users allowed to change their password in internal Active Directory thru SIM from Internet or what have others done to limit the functionality?

• Use Same URL for Internal and External Access for CRM 2015 IFD

  I have setup a CRM2015 server for IFD access.
  ADFS and CRM are on separate servers.
  CRM server all roles
  ADFS 2.0 server.
  Using the internal URL I am able to access CRM without entering my details (as expected)
  Using the external URL I am authenticated by ADFS as expected and can sign in.
  We have an internal domain domain.local
  We have an external domain domain.com (the certificate is for *.domain.com)
  We have a DNS zone created internally for domain.com.
  CRM URLs
  internal : internalcrm.domain.com
  External : externalcrm.domain.com
  I would like all users to use the same link regardless of them being internal or external, but I would like so that any user who is on the domain is automatically logged in without entering their username and
  password. What is the best way to do this?
  I have tried creating a cname record on the internal domain.com zone pointing externalcrm.domain.com to internalcrm.domain.com but that didn't work, I still get the ADFS sign in page.
  Thanks

  So fair warning, what you're asking for isn't really a supported deployment method of CRM.
  That said, you should be able to do some DNS trickery internal to your network that points your "crm.domain.com" to "crm.domain.local" and then hopefully CRM will treat the connection as if it came from an internal network.
  Otherwise, you're likely going to have to accept that everyone gets the ADFS login page internal and external to your network.
  The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

• All my hard drives (internal and external) have a small lock in the lower left corner of the icon and I don't have permissions to access. Permissions are set to 'Custom' in the get info window and I can't change them.

  All my hard drives (internal and external) have a small lock in the lower left corner of the icon and I don't have permissions to access. I have 3 user accounts set up and I cannot access any of them.   Permissions are set to 'Custom' in the get info window and I can't change them. Originally I had Snow Leopard installed on one hard drive and 10.5.8 installed on another.   I started to have some problems accessing data between them and so I tried changing the permissions on ONE hard drive partition.   The next thing I know, all my drives are locked (except the ones with the systems on them), the small lock appeared in the lower left corner of the drive icons and I don't have permissions to access any of them.   In the get info window, permissions are set to 'Custom' and I can't change them.

  There is suddenly a lock icon on my external backup drive!
  Custom Permissions

• HT4847 how do i access movies I have downloaded from itunes and permanently erase them from my cloud?

  how do i access movies I have downloaded from itunes and permanently erase them from my cloud?

  Hey okapi22,
  Thanks for the question. Assuming you are attempting to clear up iCloud storage, it's important to note that iTunes purchases do not count against this storage. For more information, see the following:
  Your iCloud storage is used for iCloud Backup, app data and documents stored in iCloud, and iCloud Mail (your @icloud.com email account).
  iCloud: iCloud storage and backup overview
  http://support.apple.com/kb/PH12519
  Additionally, you are not able to delete purchases from iTunes in the Cloud, but you are able to hide them.  Take a look at the following article:
  iTunes Store: Hiding and unhiding purchases
  http://support.apple.com/kb/HT4919
  Thanks,
  Matt M.

• PO number range- change from internal to external  and then change it back

  we have following situation- we had certain issues with the system where most of the data got curreptrd except data relative to procurement for dates March 7 to March 30.  We have extracted the procurement data - PR / PO etc for the dates March 7 to March 30 and we want to upload this data in the uncorrupted enviornment dated  March 6 using the old numbers originally assigned by the system.
  I need to change the configuration for PR and PO number range from Internal to external so we can upload PR and POsfrom March7 to March 30 and then swich the number ranges back to internal so we can enter new data dating from March 31.
  What is the best way to do this?
  Thanks in advance
  Raj

  Hi
  Create external number range and assign  it to theno. range external in that Document type then you can use both internal and external number ranges for that doc without disturbing the system once completed remove the external number for that doc type. while creating the PO give the number you want before saving so that the PO will be saved with the number you had given.
  Note: Make sure that you are not using duplicate PO no already assigned
  Kiran

• Change from Internal to External Number range for customer account group

  Hi,
  We would like to change the number range assignment for a customer account group from internal to external. The external number range assignment check box is greyed out as a few numbers in the range have already been used up.  We want to do the internal to external assignemnt change, create a customer of a specific number, and revert the range back to internal assignment. Is this possible?
  Appreciate your help.
  Ram

  Hi,
  Please do the below steps:-
  (1) Go to XDN1 and click on "Maintain status" button. Note down the current status and change the status to zero. Save.
  (2) Again go to SDN1 and click on "Maintain No. Range" button, and change the no. range to external. Save. (if that number range is maintained for multiple years, then make it external for the first yer and for the subsequent years, it will become automatically.)
  (3) Then create your customer with specific number.
  (4) Then go to XDN1 and click on "Maintain No. Range" button, and change the no. range to internal. Save. (if that number range is maintained for multiple years, then make it internal for the first yer and for the subsequent years, it will become automatically.)
  (5) Again go to XDN1 and click on "Maintain status" button. Maintain the current status as the number noted down in step (1) above. Save. (In case number created in step (4) is greater than the number notes in step (1), maintain the number of step (4) in current status.)
  Regards,
  Gaurav

• How to change number range from internal to external?

  Hi Experts,
  I have changed the number ranges for accounting document for company code (A1) external to internal and posted one accounting document using the tr.code FBN1. Now i need to revert back the changes for the number range from internal to external. i am not able to cancel the accounting document as its cancellation accounting document? please let me know any other way to change the number range from external to internal?
  Thanks & Regards,
  Raj

  Hi Siva,
  Thanks for your reply. But my expectation is any other way to change the number range from internal to external instead of going new number range (By taking any technical help)?

• SharePoint 2013 - Office Web Apps - Internal and External Use

  I have successfully installed SharePoint 2013 and Office Web Apps on Azure VMs inside an Azure Virtual Network (IaaS model). Everyting is working well. However, my testing has shown that external users and internal users can't use Office Web Apps at the
  same time.
  Office Web Apps, installed on its own vm, accomodates an external and internal URL quite well. However, SharePoint 2013 appears to only allow one setting for WOPI Zone, either internal or external but not both. I've set the WOPI zone to Internal-HTTPS (Set-SPWOPIZone
  –Zone “internal-https”). OWA works just fine if accessed from inside the Azure Virtual Network. However, if I try to access from outside the Virtual Network, from the Internet, Office Web Apps fails. The exact oppisite is also true. I can set WOPI Zone to
  External-HTTPS and accessing from the Internet works fine, but accessing inside the Virtual Network fails.
  Am I missing something? I, obviously, want Office Webs Apps to function properly for both internal and external users simultaneously.
  I appreciate any help anyone can provide here.
  Glenn

  Hi Glenn,
  To have both the use of Internet and Internal available to your end-users, you first need to configure AAM setting. Open Central Administration > Application Management > Configure alternate access mappings. Let's say there is an existing web application
  named http://sharepoint and my end-users from local network are able to access it using the URL http://sharepoint (root site collection). Here you need to add the Internet URL by select the web application and click Edit Public URLs. Add the Internet domain
  to the web application, e.g http://sharepoint.abc.com. You don't necessarily have to edit binding setting in IIS. Before continuing next steps, make sure you are able to access http://sharepoint.abc.com from the Internet while being able to access http://sharepoint
  from local network (aka Internal).
  On the machine where Office Web App (OWA) Server 2013 is installed, open PowerShell to add OWA module and use the following command to re-create a new OWA server farm if you've completed configuring it previously.
  New-OfficeWebAppsFarm -InternalUrl "http://owa" -ExternalUrl "http://owa.abc.com" -EditingEnabled.
  In this case, I'm not using SSL certificate to encrypt data over the Internet. You can use Internet-public IP of the OWA server like -ExternalUrl "http://198.xxx.xxx.xx". Add CertifcateName parameter if you want to use whether CA-issued certificate
  or self-signed certificate.
  On your SharePoint machine, you need to re-bind all WFE machines to WAC farm using the cmdlet New-SPWOPIBinding. Next, you need to set the WOPI zone for both internal and external.
  Set-SPWOPIZone -zone "external-http"
  Note: I'm not all using certificate in my guidance. But the steps to have it configured is just to add more parameter. 
  I've recently successfully deployed OWA multi-server farm for both internal and internet uses for two big clients. In real-world scenario, ideally OWA should be published through firewall (Forefront UAG, TMG, F5...etc). Please let me know if you still have
  issues after following my steps. My email: [email protected]
  Regards,
  -T.s
  Thuan Soldier
  A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
  SharePoint Vietnam |
  Blog | Twitter